Forum: NGINX nginx + FollowSymLinks owner verification

Posted by activa (Guest)
on 2012-04-11 03:38
(Received via mailing list)
I have made a security test and I have found the following:

We have the following synopsis:


[root@server4 www]# ls -alh
total 144K
drwxr-x---  6 usertest nobody   4.0K Apr 10 20:09 .
drwx--x--x 13 usertest usertest 4.0K Apr  7 02:16 ..
-rw-r--r--  1 usertest usertest  184 Apr  6 21:29 .htaccess
lrwxrwxrwx  1 usertest usertest   38 Apr  6 22:48 im1.txt -> /home/anotheruser/public_html/config.php
-rw-r--r--  1 usertest usertest    3 May  3  2011 index.html

I can read the file of another user without any problem!!!

Normally it should verify the ownership of files before handling them.

NOTE: I use nginx as a proxy for Apache. When I use just Apache I get a
403 error (this is a normal result); with nginx I can read the file,
because nginx handles the static files + images.


Any fix for this?

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,225152,225152#msg-225152
Posted by Edho Arief (Guest)
on 2012-04-11 03:44
(Received via mailing list)
2012/4/11 activa <nginx-forum@nginx.us>:
>
> anyfix for this ?
>

disable_symlinks if_not_owner;
Posted by activa (Guest)
on 2012-04-11 04:26
(Received via mailing list)
Where should I add this? In nginx conf or in vhost conf?

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,225152,225155#msg-225155
Posted by activa (Guest)
on 2012-04-11 04:46
(Received via mailing list)
as i have found n is only available in developer version, not the
stable version.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,225152,225156#msg-225156
Posted by activa (Guest)
on 2012-04-11 06:19
(Received via mailing list)
Installed nginx-1.1.18 and the problem was resolved.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,225152,225158#msg-225158
Posted by activa (Guest)
on 2012-04-18 05:32
(Received via mailing list)
is this available in stable version 1.0.15 ?

disable_symlinks if_not_owner;

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,225152,225454#msg-225454
Posted by Edho Arief (Guest)
on 2012-04-18 05:39
(Received via mailing list)
2012/4/18 activa <nginx-forum@nginx.us>:
> is this available in stable version 1.0.15 ?
>
> disable_symlinks if_not_owner;
>

Nope, it's new in 1.1.x (since 1.1.16)
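
As an added example (not part of the thread and not nginx code), this Python script audits a document root for the situation in the first post: symlinks whose owner differs from the owner of the object they resolve to, which is the condition disable_symlinks if_not_owner rejects. It checks only links found under the given root, while nginx checks every component of the request path; the names audit_docroot and Finding are made up for this example.

```python
import os
import sys
from typing import NamedTuple


class Finding(NamedTuple):
    link: str        # path of the symlink inside the document root
    target: str      # what the link points to (as stored in the link)
    link_uid: int    # owner of the link itself (lstat)
    target_uid: int  # owner of the object it resolves to (stat)


def audit_docroot(root, lstat=os.lstat, stat=os.stat):
    """Return symlinks under root whose owner differs from their target's owner.

    lstat/stat are injectable so the check can be exercised without root.
    """
    findings = []
    # followlinks=False: symlinked directories are listed but never descended into.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            link_uid = lstat(path).st_uid
            try:
                target_uid = stat(path).st_uid
            except OSError:
                continue  # dangling or untraversable target: nothing to serve
            if link_uid != target_uid:
                findings.append(
                    Finding(path, os.readlink(path), link_uid, target_uid))
    return findings


if __name__ == "__main__":
    # Usage: python audit_symlinks.py /home/usertest/www  (path is illustrative)
    for f in audit_docroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f.link} -> {f.target} "
              f"(link uid {f.link_uid}, target uid {f.target_uid})")
```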
Posted by charlie (Guest)
on 2012-04-26 15:29
(Received via mailing list)
"disable_symlinks" does not work with the "try_files" directive.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,225152,225816#msg-225816
Posted by Maxim Dounin (Guest)
on 2012-04-26 16:43
(Received via mailing list)
Hello!

On Thu, Apr 26, 2012 at 09:29:12AM -0400, charlie wrote:

> "disable_symlinks" does not work with the "try_files" directive.

It does.

Maxim Dounin
Posted by Lekensteyn (Guest)
on 2013-01-05 16:31
(Received via mailing list)
Maxim, I found that the disable_symlinks option does not work properly when
the permissions are restrictive. Please see my observations on
http://serverfault.com/q/463243/51929.

In summary: ngx_file_info_wrapper() tries to open() a file if symlinks are
disabled. That fails if nginx does not have read permissions for the said
file.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,225152,234722#msg-234722
Posted by Valentin V. Bartenev (Guest)
on 2013-01-05 17:26
(Received via mailing list)
On Saturday 05 January 2013 19:30:46 Lekensteyn wrote:
> Maxim, I found that the disable_symlinks option does not work properly when
> the permissions are restrictive. Please see my observations on
> http://serverfault.com/q/463243/51929.
>
> In summary: ngx_file_info_wrapper() tries to open() a file if symlinks are
> disabled. That fails if nginx does not have read permissions for the said
> file.
>

So, you found exactly what the documentation says:
http://nginx.org/r/disable_symlinks

 wbr, Valentin V. Bartenev

--
http://nginx.com/support.html
http://nginx.org/en/donation.html
Posted by Lekensteyn (Guest)
on 2013-01-05 18:42
(Received via mailing list)
I consider it a feature if try_files and if can really check whether a file
exists or not (instead of accessible). I have cooked a patch [1] that
implements this functionality. Please review, comments are welcome.

Note: this patch changes behaviour. Previously, files which were not
accessible were simply skipped. After applying this patch, files which
exist, but are not accessible are not skipped. Maybe an option can be added
to try_files and if to toggle this behavior?

Regards,
Peter

 [1]:
http://lekensteyn.nl/files/0001-Do-not-require-rea...

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,225152,234726#msg-234726